Uniform conventions for resource access and Single Sign On (SSO) used in these domains.

• Agent Tuple

  An ordered tuple factor-0, factor-1, ... carries the context of the domain user. To the extent possible the system avoids exposing the detailed semantics of the elements.

• Multi Factor Authentication

  A role secret pair never is a stand alone pass to high privilege levels. The default additional method is QR code scanned by a mobile device.

• Transparent/Automatic Operation

  To the extent possible, the system operates automatically with minimized user interaction.